IT Operations Trench

Thursday, September 10, 2015

Now if you have been following me, especially on LinkedIn, you know I'm no longer running the Network and Security teams at Extreme. That doesn't mean though that I'm not still in touch with people there and in touch with what's going on over there.

I'm doing consulting and contract work, but also looking for full-time work. If you know anyone who wants to improve their IT efficiency, has security concerns and/or is looking for a good IT leader or strong lieutenant, please reach out.

This week though I'm helping a longtime customer with a NAC and Security assessment. Part of that is helping to customize their Netsight instance to be a bit more useful to them. They are an Extreme customer from the Enterasys days so they have all Enterasys switches, not wireless though.

If you use Oneview, which is the web-based interface to Netsight, you have probably seen the dashboards that exist. The NMS dashboard is sort of the main one I used to use. It's a good overview of the health of the network. If you don't use Extreme wireless though, the entire middle pane is wasted.

So I wanted to change that to show NAC (or Identity and Access Manager if you like that name better). I figured since I was doing the work, I'd share with you how easy it is to do.

Login to Oneview and go to the administration tab, then click on Report Designer.

Choose the “system reports” you want to change. The main screen is NMS Dashboard but you can also change the Purview or Identity and Access Manager ones as well.

Simply change the Component name to be the data you want to show and then click save.

You can only use existing components but there are quite a few. These are some of the Identity and Access ones.

It will bring up the new Dashboard automatically.

If you want to delete it, go into My Reports at the top (not the one you originally edited), highlight the one you want to get rid of and hit the delete icon.

The help files in Netsight are really good about this as well. Hope it helps!

Tuesday, May 12, 2015

I'll bet a lot of people read this post already: http://boingboing.net/2015/05/07/drug-pump-is-most-insecure.html

It talks about one particular medical device that has practically no security. No passwords, open telnet by default and a root shell. Yikes! For those not really into IT security, that's really bad...

It also talks about some other devices that are almost as bad. But in the medical space these devices are needed. I mean if someone doesn't get the right dose of drugs they will die and if this is the only machine available (I'm not saying it is), then until it is really fixed patients and doctors unfortunately need to roll the dice and hope for the best. Sort of like we all do with identity theft every day, but that's a different story.

So what can CIOs and CISOs do to protect them? Well the short answer is get after the vendors, but in the real world that takes time and honestly a lot of the time IT just doesn't carry enough weight to overrule the medical professionals. As much as that's the right thing to do, it's not the effective thing to do.

Instead secure the network and don't allow unauthorized machines to connect to these devices. Tools like Network Access Control (NAC) and Network policy have been around for years (decades in some cases) and allow IT administrators and security experts to restrict how and who can connect to these insecure devices.

For example, if people outside of IT shouldn't be allowed to telnet to the drug pump, the network can simply block all access to it. You can even go a step further and log if someone tries to telnet to it and alert security to investigate who did it and why.

If you are worried about someone unplugging the pump from the network and plugging it into a switch to tamper with it, you can even monitor the device and alert when it goes offline. That's probably not a bad thing to do actually in case the device fails.

I think we need to stop throwing our hands up and saying "The device isn't secure, it's not fair" and instead look at what we can do today with existing technology. We can make things better so don't give up.
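The two alerts described above (telnet attempts against a pump, and a pump going quiet) can be sketched as a small log check. This is an added example, not something from the original post or from any vendor's product; the log format, addresses, admin subnet and five-minute threshold are all constructed assumptions.

```python
# Added example: alert on telnet attempts to, and silence from, networked pumps.
# Addresses, log format and thresholds below are constructed for illustration.
import ipaddress
import re
from datetime import datetime, timedelta

PUMPS = {"10.30.1.10", "10.30.1.11"}               # assumed pump addresses
ADMIN_NET = ipaddress.ip_network("10.99.0.0/24")   # assumed IT management subnet
MAX_SILENCE = timedelta(minutes=5)                 # assumed offline threshold

# Constructed sample flow log: timestamp, source, destination, protocol, port, action.
SAMPLE_LOG = """\
2015-05-12T10:00:05 src=10.30.1.10 dst=10.40.0.5 proto=tcp dport=443 action=permit
2015-05-12T10:01:12 src=10.20.5.44 dst=10.30.1.10 proto=tcp dport=23 action=deny
2015-05-12T10:02:30 src=10.99.0.7 dst=10.30.1.10 proto=tcp dport=23 action=permit
2015-05-12T10:03:00 src=10.30.1.11 dst=10.40.0.5 proto=tcp dport=443 action=permit
2015-05-12T10:09:41 src=10.20.5.44 dst=10.30.1.11 proto=tcp dport=23 action=deny
2015-05-12T10:10:00 src=10.30.1.11 dst=10.40.0.5 proto=tcp dport=443 action=permit
not a flow record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def parse(log_text):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec

def telnet_alerts(records, pumps=PUMPS, admin_net=ADMIN_NET):
    """tcp/23 attempts to a pump from outside the admin subnet, denied ones included."""
    return [
        (r["ts"], r["src"], r["dst"], r["action"])
        for r in records
        if r["dst"] in pumps and r["proto"] == "tcp" and r["dport"] == "23"
        and ipaddress.ip_address(r["src"]) not in admin_net
    ]

def offline_pumps(records, now, pumps=PUMPS, max_silence=MAX_SILENCE):
    """Pumps that have sent no traffic within max_silence of `now`."""
    last_seen = {}
    for r in records:
        if r["src"] in pumps:
            last_seen[r["src"]] = max(r["ts"], last_seen.get(r["src"], r["ts"]))
    return sorted(p for p in pumps
                  if p not in last_seen or now - last_seen[p] > max_silence)

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    for alert in telnet_alerts(recs):
        print("TELNET ATTEMPT", *alert)
    print("OFFLINE", offline_pumps(recs, datetime(2015, 5, 12, 10, 11)))
```

Denied attempts are reported on purpose: the block did its job, but security still wants to know who tried and why.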

Thursday, April 30, 2015

IT has a reputation of not communicating well. Which is sort of funny, if you think about it, we enable all sorts of communications from voice mail, video conferencing, e-mail, instant messaging and the list goes on and on.

So here is a list of communication tips you should be using. Many of these are informal communications, things I wouldn't send out to the whole company on email, but using a tool like Chatter from Salesforce.com, SharePoint from Microsoft, or even an internal blogging platform is a great way for people that are interested in what is going on to be able to know. It also has the benefit of letting me not feel like an internal spammer.

System down alerts. This includes all the times that something fails but doesn't cause an outage. What a great way to market all the thought you put into redundancy, fail-over and availability without sounding like a self-promoting ass. Of course outages that do cause a significant impact need to go here too. Hopefully you don’t have too many of those.

Roadmaps – We all know that roadmaps change, and sometimes pretty frequently, and I know that’s why a lot of us don’t share roadmaps. The trick is to add the commentary so when it changes people understand why it changed. It’s also a great way for people to know what is coming and to be able to proactively train on them before they need to use them.

Informal notifications on upgrades – Look, no one cares if you patch servers, they care about them being available. Letting them know that you are patching them Sunday night at midnight is a good thing, especially if it fixes or avoids an issue.

Training – There are a lot of free training resources from Microsoft, Apple and Google, and Salesforce.com and SAP offer online videos too. These are great things for you to share either on your IT web site, or informally through blogs or Chatter.

Security issues that may impact people at home. It’s a pretty safe bet that your employees have computers at home and would likely find value in any heads up on security incidents that are impacting the company. They are probably seeing some of the same attacks at home and may not know it. With so many people using their home machines to check email or login to the company, making their home machines more secure is always good.

Team recognition. There is probably not a lack of innovation in your team, why not recognize it and get some recognition for the cool things your team is working on. We regularly would do a "Geek of the week" award. It's kind of cheesy, but helps show that we value innovative ideas.

Personal accomplishments. IT administrators are people too and no doubt have major personal accomplishments. Maybe one of your staff just finished their MBA, or the Boston Marathon. It’s good for people to know your team as people, and not just the person that fills the toner when the printer is out. If your company likes the people in IT, they are going to like IT as well.

Blog on industry trends. Many of us in IT actually know what the trends in IT are, in fact you may have people that are influencing those trends. Why not share the insight you bring to the company as a whole. Now let’s be clear, your opinion on the latest power over Ethernet specification may not be too interesting to the co-op in finance or the VP of HR, but you never know, they may be pursuing a masters in electrical engineering and are also working on PoE.

Deals or discounts. If you have a corporate plan with a cell carrier, you may be able to offer the same discount to employees. It’s probably the same with many of your vendors, like Dell, Microsoft or Motorola. If you can help save employees money, what a great way to show added value to them.

Surveys and feedback. I am a big fan of measuring IT customer satisfaction. In fact I'd argue that of all the metrics, this is the one that actually matters. It's a great idea for the CIO (or a senior IT leader) to personally reach out to some number of resolved helpdesk tickets. It shows you care, and shows that you are open to feedback. When asking for feedback, the real trick is to actually listen and act on the feedback. Asking and then ignoring is actually worse than not asking.

These are some of the things I have done in the past to make IT more approachable, responsive and likable. I'd love to hear what other people do as well!

You can also find this on LinkedIn and follow me there as well. https://www.linkedin.com/pulse/communications-you-should-doing-arent-rich-casselberry

Thursday, April 9, 2015

I try to bite my tongue and not rant, but sometimes material just presents itself and it's too good to pass up.

I just got a call from a local ISP. It went to voice mail, of course, but I digress. They had recently installed new fiber for another company in our building and wanted to talk about diverse paths and redundancy.

Perfect. It's always good to know about options and even though we already have a separate fiber from two different companies, it's good to have a third option, especially when our 2 year contract is almost up.

In fact, it seemed great. A sales call for a product I can use and timing that is almost right.

So why the post?

Well after she talked about the diverse fiber she went on to explain that they also offer Cisco hosted voice and we should look at replacing our phone system and upgrading to Cisco.

Now, I'm sure they do a lot of business selling Cisco phones and I think that's great. But Extreme, where I work, is a competitor to Cisco and I will never buy Cisco products here. I mean that would be like showing up to the Microsoft Redmond campus and trying to sell an iPad, or going to Ford's corporate offices in a Subaru.

Nothing wrong with Subaru, iPhone or Cisco, but know your audience. If she had stopped at diverse fiber paths, I'd be on the phone now.

I'm actually torn between ignoring the call, and calling back and going "Really? Cisco? Really?" like Seth and Amy from Saturday Night Live. Or Seth and Kermit.

Tuesday, October 7, 2014

A lot has been written on employee engagement and it seems to be top of mind for a lot of executives. I had a discussion recently with a CEO friend of mine who is concerned that his employees aren't really engaged. They had done a third party engagement study, and I'm sure paid a fair amount to have it done, and weren't excited about the results.

"How can I get employees more engaged and excited about the company?" he asked. Now I'm sure in the expensive study he paid to have done they had some great business school advice which had all the latest buzzwords in it. What he really wanted, I think, was down to earth help.

I'm not one to beat around the bush so I asked "Well how engaged are you with the employees?" So below is my advice to be a more engaged executive which will then lead to more engaged employees.

1. How many employees do you know? In this case it's one building with 350 or so employees. In my mind he should be able to at least recognize most of them by sight. Now maybe it's unfair to expect him to know their family history, hobbies and spouse's name, but his direct reports and their direct reports are a small group. I worked for one VP of IT who had "flash cards" of his team made up so he could remember them better.

2. Does he eat lunch in the company cafeteria? In my opinion the best way to get to know people is to be seen by them. Grab a table and a sandwich and talk over lunch. It's easy to hate the CEO, it's harder to hate "Rich".

3. Make communications frequent and informal. Anyone that thinks a quarterly newsletter is going to help change culture is missing the point. Culture takes time and investment and great communication. A newsletter, probably written by marketing, isn't going to do it. Now I'm not saying that's a bad thing, in fact I think company newsletters are great, but that's not communicating. When you do need to send an email out or voice mail etc, let your personality shine through. People like people so let them know you are a real person.

4. When you have bad news to deliver, get it out of the way as quickly as you can, without a lot of spin. We've all heard the usual canned speeches, dispense with that and speak what you mean. A rule of thumb is this "If you need to take 3 days or more, or a committee review to get a communication out, it's spin". That's OK for an annual report but this is your employees, your family, open up and be yourself. Now that doesn't mean airing dirty laundry or trade secrets, but being honest and open is OK.

5. Explain the why. Many years ago the company I was at had a gap in our product portfolio and there were a lot of startups filling that need. I was surprised we hadn't bought one and finally got a chance to talk to our CTO about it. It turned out that we had reviewed several and couldn't justify what they were asking based on the amount of revenue we expected the product to bring in. Clearly the executive team had spent a lot of time thinking about this and once I knew the reasoning, it made sense.

What are some other tips you have seen help get employee engagement working?

Wednesday, March 26, 2014

I haven’t had a chance to talk about a lot of the cool companies I've run across lately. I've seen a few, Ziften, Cloudbyte and this one, Infinio. I actually got to go meet the Infinio team in Cambridge yesterday which was great. I always forget how cool Kendall Square is until I get to spend time there.

So here are my notes on Infinio. Standard disclaimer… I don’t work for them and I’m not speaking for them, but if you are interested in them I’d be glad to introduce you…

You know how when you are designing storage you have to think about not just capacity, but the number of drives too? I remember we needed around 500GB of storage for our SAP instance but we ended up having to get 8 times that amount of drives to reach the number of IOPS we needed for the application to perform well. That seemed crazy to me.

It’s a bit better now: if you are buying new storage you can have them add in SSD drives, and most of the storage companies now do auto-tiering so that “hot data” goes on the faster SSD drives and the rest goes on the spinning disks. But SSD is still really expensive and if you already have your storage environment, it’s a project to add SSD to it.

Enter Infinio. They claim, and I say claim only because my team hasn't done it, that you can download their software, install it, and have a much better performing ESX environment in 30 minutes with no downtime. I went through the install and it took less than 10 minutes, but that was in a lab in ideal conditions; the point is 30 minutes is definitely believable. And yes, you read that last paragraph correctly, it’s just software and you don’t need to reboot…

The way it works is it allocates a VM on each ESX host and essentially uses memory on the box (currently 8GB) and a single vCPU, as part of a distributed cache. There is also an additional VM for a management console that needs 2 vCPUs.

The metrics were impressive, though I have to admit I don’t remember the details. It seemed like it showed at least double the performance but did a really nice job smoothing out the disk loading too. Don't take my word for it, or even their word for it, take an hour and test it in your environment.

In theory this would also reduce the amount of network traffic to the storage too so it could help you stretch your 1Gb data center a little longer and avoid having to upgrade to 10Gb. Of course my company, Extreme Networks, sells network switches so I probably shouldn't point that out…

Now there are a few gotchas... It supports ESX with NFS datastores; if you use block level datastores like iSCSI it won’t help. Now I don’t think they said this, but I can imagine that they are going to work on a version that works with iSCSI too. Right now it only works with VMware as well. If you are using Hyper-V or something else, you’re out of luck for now. Again, I wouldn't be surprised if they are thinking about future releases adding support for other vendors but they definitely didn't say that.

So if you are running ESX against NFS datastores, check it out. You literally can install it at lunch, test it and uninstall it with no downtime. You might be surprised at how well it works.

A few other folks have looked at this. One is Jonathan Frappier, who you definitely want to follow. He has a blog called Virtxpert and covers a lot of super cool virtualization stuff. The Infinio specific posts are here.

Another person that talked about Infinio is Steve Duplessie from ESG. Again definitely someone good to follow, ESG has great research and Steve is an awesome speaker and definitely knows what he is talking about. He discusses Infinio in this video.

Thursday, February 13, 2014

Many CIOs I talk to are 100% confident that they have an awesome IT department. Sometimes though when you talk to their users you get a different story. I don't think CIOs are wrong to think they have a really good team, I mean we all like to think we are the cream of the crop, but here is a hypothetical scenario I want you to think about.

Imagine, if you will, that your company just re-branded and now you have all these new templates you want to get people to start using. A user calls into the service desk (or emails if that's more believable for you) and asks where to get it.

A good IT department will have a service desk that says "You can get the updated templates from the marketing site at http://marketingsite/", obviously substituting the URL for the right one.

A really good IT department will then follow up the next day and ask if they got it OK, needed any help installing it or using it, and maybe even offer training if the user seems confused.

An IT+ department will do all of that, but then go to the administrators and see if there is a way to automatically install these templates globally to everyone so that users everywhere can automatically see them when they choose to create a new template.

Often times, and what the gold star service is, would be an IT department that is so in tune with the business that the marketing team and IT already thought about this and had the new material lined up and ready to go, because IT thinks about what the business needs and the business knows IT will help and brings them into the loop early. Ideally this conversation happens at all levels of the business, not just the CIO and CMO level.

Take a minute and think about how your service desk would respond. Would they even respond? If not you need to address that pretty soon. Build a metrics report showing SLAs around response time and make sure you, the CIO, review them every day and get rid of people who don't get it.

Would they ask "What's PowerPoint?" If so I'd suggest training. A lot of training actually. Your service desk is the face of IT and you need them to be on top of their game all the time. Make them the early adopters (at least some of them). Show them it's OK to learn new things and get them to be innovators. Just because they are helpdesk not architects doesn't mean they don't have great ideas.

Are they good? Congratulations. Do you want them to be great? Then let them know it's OK to suggest solutions to the real problem. Closing the ticket is not the same as fixing the problem. Let them know that you expect them to do both, and then make sure your admins understand that message too. You want to encourage them to work together to solve issues.

And if you want the gold star, make sure you encourage your team to talk to their peers in the business. It's OK to sit in the caf and have a cup of coffee with the marketing team. I mean clearly if the network is down that's not the right time, but let them know part of their job is relationships.

My previous CIO gave me the goal that 30% of my time should be spent internal networking. It was probably the best advice I've gotten. Once you meet people on a personal level and become friends, you become more than IT, you become "Rich who works in IT" and it's much harder to blame or dislike a person than a department or title. Plus you get rid of business alignment problems that plague most of our industry.